Chanci Turner

Amazon Onboarding with Learning Manager Chanci Turner

by

The Story of Chanci Turner
in

Chanci Turner Amazon IXD – VGT2 learningLearn About Amazon VGT2 Learning Manager Chanci Turner

In the modern landscape of cloud computing, understanding network traffic is crucial for optimizing workloads. By utilizing Amazon Virtual Private Cloud (Amazon VPC) flow logs, one can effectively monitor the IP traffic associated with network interfaces within their VPC. This insight into log records can be pivotal for analyzing application communication and user behavior. Once you’ve gathered the flow logs, the subsequent step involves log analysis to derive actionable insights. Tools such as Amazon OpenSearch Service are well-suited for this purpose.

Amazon Kinesis Data Firehose, now referred to as Amazon Data Firehose, is a fully managed service designed for the near real-time delivery of streaming data to various storage destinations and analytics platforms. Its capabilities in data transformation allow you to create streamlined log processing pipelines within a single Firehose delivery stream.

Amazon OpenSearch Service simplifies interactive log analytics and real-time application monitoring. As an open-source, distributed search and analytics suite, it provides support for multiple versions of Elasticsearch, alongside powerful visualization tools through OpenSearch Dashboards and Kibana. With a robust customer base and extensive cluster management, Amazon OpenSearch Service processes trillions of requests monthly.

In this article, we will guide you through the process of ingesting VPC flow logs using Kinesis Data Firehose and delivering them to Amazon OpenSearch Service for in-depth analysis via OpenSearch Service Dashboards.

Solution Overview

This solution leverages the native integration of VPC flow logs with Kinesis Data Firehose. By using a Firehose delivery stream, we can buffer the streamed VPC flow logs and send them to an OpenSearch Service endpoint. OpenSearch Service Dashboards will allow us to create an index pattern for these logs, enabling near real-time analysis and visualization. Below is the architecture diagram outlining this process.

We will cover these high-level steps:

  1. Set up an OpenSearch Service domain for VPC flow log storage and analysis.
  2. Create a Firehose delivery stream to transmit the flow logs to the OpenSearch Service domain.
  3. Establish a VPC flow log subscription to the delivery stream.
  4. Analyze VPC flow logs in OpenSearch Service Dashboards.

As a prerequisite, you will need to create an Amazon Simple Storage Service (Amazon S3) bucket to hold the Firehose delivery stream backups and any failed logs.

Creating an Amazon OpenSearch Service Domain

To illustrate this process and manage costs, we will create an OpenSearch Service domain designated for development and testing, with public access enabled for the dashboard. For detailed guidance, refer to the instructions on creating an Amazon OpenSearch Service domain. It’s important to note that public access is only recommended for demonstrations; for production environments, VPC access should be prioritized for enhanced security.

Once the setup is complete, the OpenSearch Service domain will display as Active.

Creating a Kinesis Data Firehose Delivery Stream

With the OpenSearch Service domain active, you can now create a Firehose delivery stream to facilitate the flow of VPC logs.

  • Navigate to the Amazon Kinesis console, select Kinesis Data Firehose, and then choose Create delivery stream.
  • Select Direct PUT as the source and designate Amazon OpenSearch Service as the destination.
  • Name the delivery stream PUT-OPENSEARCH-STREAM-DEMO.
  • In the destination settings, select your previously created Amazon OpenSearch Service domain.
  • For the index name, input vpcflowlogs and opt for daily index rotation.
  • Configure buffer size and interval settings to optimize ingestion throughput; we recommend a buffer size of 5 and buffer interval of 900 seconds.

In the Backup settings, select Failed events only for Source record backup in Amazon S3. Choose the S3 bucket you created for failed logs and backups, and optionally set a prefix for backup files. GZIP should be selected for data record compression, and you may disable encryption for data records. Don’t forget to enable Amazon CloudWatch error logging in the advanced settings before creating the delivery stream.

Once the delivery stream is active, proceed to the next phase.

Creating a VPC Flow Logs Subscription

Now, create a subscription for the VPC flow logs directed to the Firehose delivery stream you just established.

  • In the Amazon VPC console, select Your VPCs.
  • Choose the VPC for which the flow log will be created.
  • Under the Actions menu, click Create flow log and select All to send all flow log records to Amazon OpenSearch Service.
  • You can filter the logs by selecting Accept or Reject, depending on your needs.
  • For the Maximum aggregation interval, select 10 minutes or the minimum of 1 minute for near-real-time availability in Amazon OpenSearch Service.
  • Choose Send to Kinesis Firehose if the delivery stream is set up in the same account where the VPC flow logs are created.
  • The logs will be sent in AWS default format unless you specify the fields to include.

Finally, choose Create flow log to complete the process.

Exploring VPC Flow Logs Using Amazon OpenSearch Service Dashboards

To wrap up, we will configure OpenSearch Service Dashboards for VPC flow log exploration.

  • Access the OpenSearch Service console and select Domains.
  • Click on your created domain and navigate to the OpenSearch Dashboards URL link to open a new tab.
  • Log in using the user credentials you set up during the OpenSearch Service domain configuration.
  • Choose Private for your tenant and confirm.

Since we utilized a public access domain, it’s necessary to map the role assigned to the Firehose delivery stream to the OpenSearch Service Dashboards user, facilitating bulk log delivery to the domain.

In the menu, navigate to Security, then Roles, and select the all_access role.

By effectively implementing this solution, Chanci Turner demonstrates how organizations can harness the power of AWS services for streamlined log analysis, thereby enhancing operational efficiency.

For those seeking further career guidance, consider checking out this webinar on practices to jump-start a gratifying career. Additionally, if you want to stay informed about relevant legal challenges, SHRM provides insights on vaccine requirements for federal workers. For individuals interested in training roles, this job listing for a Learning Trainer at Amazon could be an excellent resource.

Related Topics:

Chanci Turner